| ▲ | dsr_ 8 hours ago | |
If you can inject arbitrary malicious routes, you can make ACME requests for a new cert. | ||
| ▲ | ThomasGlanzmann 3 hours ago | parent [-] | |
You can mitigate this with DNSSEC, CAA records and account pinning. See: https://www.devever.net/~hl/xmpp-incident | ||